Arizona Secretary of State Michele Reagan told CNBC on Wednesday that the email attachment was something anyone would have opened. She said she was told it appeared the email originated in Russia, but that was not certain.

Reagan said she was alerted to the hack after the Federal Bureau of Investigation found a credential — a username and login — for the state system for sale on the dark web.

“It was really frightening and scary considering we’re in charge of almost four million people’s information,” Reagan said.

Reagan said her office had a lot of decisions to make in short amount of time to protect voter safety and took the system offline.

“At that moment in time, the most important thing was what do we do with that database,” she said. “How do we inspect it? We need to make sure that no information was taken, no information was altered, a virus wasn’t inserted into that system.”

She said, while the voter database was hacked, the voting registration system was not.

“We got lucky once,” she said, adding that the state has added multi-factor authentication, required the changing and strengthening of passwords and made other tweaks to better protect the system.

Comey did not say where the intrusions were or give any additional details. But he told the House Judiciary Committee that the agency is “investigating to try to understand exactly what mischief the Russians might be up to in connection with our political institutions and the election system more broadly.”

Comey said the FBI had also detected a variety of “scanning activities,” which he said are an early indication of hacking.

“We are urging the states just to make sure that their deadbolts are thrown and their locks are on and to get the best information they can from DHS, just to make sure their systems are secure,” he said, referring to the Department of Homeland Security.